In association with heise online

16 April 2012, 15:40

New Mac malware exploits old Java hole

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom One of the signatures Sophos says it has found
Security specialist Sophos reports that it has discovered new Mac malware which exploits the same Java hole in Mac OS X that was also used by the "Flashback" malware and has since been closed by Apple. The backdoor trojan is called "OSX/Sabpab-A" and is said to establish a HTTP connection to a command & control server once it has infected a computer. According to Sophos's Graham Cluley, attackers then have the ability to execute arbitrary commands, upload and download files, and take screenshots on infected systems.

The security firm says that, like Flashback, OSX/Sabpab-A spreads via the web; apparently, simply visiting a malicious web page on a Mac with an unpatched version of Java is all that's required to become infected. Sophos provides no further details on the distribution of the malware but has given it a low "prevalence" rating.

Users can protect their systems by installing the latest Java updates, which fixes the problem and automatically disables the Java web plugin by default; users can re-enable this via the Java Preferences application (Applications ➤ Utilities ➤ Java Preferences).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit